NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-7(5) — Automated Response to Integrity Violations
Automatically [organization-defined parameter si-07.05_odp.01] when integrity violations are discovered.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Organizations may define different integrity-checking responses by type of information, specific information, or a combination of both. Types of information include firmware, software, and user data. Specific information includes boot firmware for certain types of machines. The automatic implementation of controls within organizational systems includes reversing the changes, halting the system, or triggering audit alerts when unauthorized modifications to critical security files occur.
Practitioner Notes
When an integrity violation is detected, the system should automatically take corrective action — not just alert and wait for someone to respond manually.
Example 1: Configure Windows File Protection to automatically restore system files that have been modified. If malware replaces a system DLL, Windows automatically restores the original from its cache.
Example 2: In a containerized environment (Docker/Kubernetes), configure the orchestrator to automatically restart containers with modified file systems. Since container images are immutable, restarting restores the known-good state automatically and alerts your monitoring team.
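The supplemental guidance and practitioner notes above describe choosing a response per information type (reverse the change, halt, or raise an audit alert). The sketch below is an added example, not NIST text or code from any product named on this page. The policy mapping, the golden-copy directory and the file names are assumptions made for illustration.

```python
import hashlib, json, shutil, time
from pathlib import Path

# Assumed policy: one automated response per information type (illustrative names).
POLICY = {"software": "restore", "firmware": "halt", "user_data": "alert"}

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else "missing"

def build_baseline(root: Path, types: dict) -> dict:
    """Record the known-good digest and information type of each monitored file."""
    return {rel: {"sha256": sha256(root / rel), "type": t} for rel, t in types.items()}

def enforce(root: Path, golden: Path, baseline: dict, audit_log: Path) -> dict:
    """Compare files to the baseline and apply the policy response automatically.
    Returns {"events": [...], "halt": bool}; the caller performs the actual shutdown."""
    events, halt = [], False
    for rel, entry in sorted(baseline.items()):
        observed = sha256(root / rel)
        if observed == entry["sha256"]:
            continue
        response = POLICY.get(entry["type"], "halt")  # unknown type: fail closed
        if response == "restore":
            src = golden / rel
            # Restore only from a golden copy that itself still matches the baseline.
            if sha256(src) == entry["sha256"]:
                shutil.copy2(src, root / rel)
            else:
                response = "halt"
        halt = halt or response == "halt"
        events.append({"ts": time.time(), "file": rel, "type": entry["type"],
                       "expected": entry["sha256"], "observed": observed,
                       "response": response})
    with audit_log.open("a") as fh:  # every violation is audited, whatever the response
        for e in events:
            fh.write(json.dumps(e) + "\n")
    return {"events": events, "halt": halt}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample tree
        root, golden = Path(d, "live"), Path(d, "golden")
        for base in (root, golden):
            base.mkdir()
            (base / "app.bin").write_bytes(b"v1")
        baseline = build_baseline(root, {"app.bin": "software"})
        (root / "app.bin").write_bytes(b"tampered")
        print(enforce(root, golden, baseline, Path(d, "audit.jsonl")))
```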